https://community.cisco.com/t5/network-security/firepower-bvi-with-port-channel-sub-interface/m-p/5222421#M1117448 <P>Are you using FDM or FMC, and what mode that FTD running, check the Limitation and see if the feasible :</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/730/management-center-device-config-73/device-ops-tfw.html?bookSearch=true" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/730/management-center-device-config-73/device-ops-tfw.html?bookSearch=true</A></P> Sun, 10 Nov 2024 16:43:21 GMT balaji.bandi 2024-11-10T16:43:21Z https://community.cisco.com/t5/network-security/firepower-bvi-with-port-channel-sub-interface/m-p/5222289#M1117442 <P>Hi community,</P> <P>we want to deploy firepower 3105 -&nbsp;<SPAN>version 7.3.1&nbsp;to bridge two VLAN(119 &amp; 191) on distribution switch and allow two network to communicate with the same subnet as following<BR /></SPAN></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="andytffung_1-1731194190691.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/233540i7A28EF80C8556F6F/image-size/medium?v=v2&amp;px=400" role="button" title="andytffung_1-1731194190691.png" alt="andytffung_1-1731194190691.png" /></span></P> <P>we have run the following test with 10.127.190.11 and 10.127.190.42 ping each other:<BR />1. [success]<BR />&nbsp; &nbsp; a. 10.127.190.11 connected to FTD 1/1 directly <BR />&nbsp; &nbsp; b. 10.127.190.42 connected to FTD 1/2 directly<BR />&nbsp; &nbsp; c. FTD 1/1 &amp; 1/2 run BVI<BR />2. [fail]<BR />&nbsp; &nbsp; a. 10.127.190.11 connected to switchport with access port&nbsp; to vlan 191<BR />&nbsp; &nbsp; b. 10.127.190.42 connected to switchport with access port&nbsp; to vlan 119<BR />&nbsp; &nbsp; c. FTD 1/1&nbsp;connected to switchport with access port&nbsp; to vlan 191<BR />&nbsp; &nbsp; d. FTD 1/2&nbsp;connected to switchport with access port&nbsp; to vlan 119<BR />&nbsp; &nbsp; e. FTD 1/1 &amp; 1/2 run BVI<BR />3. [fail]<BR />&nbsp; &nbsp; a. 10.127.190.11 connected to switchport with access port&nbsp; to vlan 191<BR />&nbsp; &nbsp; b. 10.127.190.42 connected to switchport with access port&nbsp; to vlan 119<BR />&nbsp; &nbsp; c. switch and FTD connected with port channel<BR />&nbsp; &nbsp; d. switch port channel trunk vlan 191 &amp; 119<BR />&nbsp; &nbsp; e.&nbsp;FTD&nbsp;1/1 &amp; 1/2 run port channel<BR />&nbsp; &nbsp; f. FTD&nbsp;port channel have sub interface 191 &amp; 119<BR />&nbsp; &nbsp; g. FTD&nbsp;port-channel.119 and&nbsp;port-channel.191 run BVI</P> <P>Port channel</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="andytffung_0-1731197076843.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/233541i5E801ECAD3BC70D4/image-size/medium?v=v2&amp;px=400" role="button" title="andytffung_0-1731197076843.png" alt="andytffung_0-1731197076843.png" /></span></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="andytffung_1-1731197109986.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/233542i0F983538490E2D49/image-size/medium?v=v2&amp;px=400" role="button" title="andytffung_1-1731197109986.png" alt="andytffung_1-1731197109986.png" /></span></P> <P>Sub interface 119</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="andytffung_2-1731197144088.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/233543iDA770A55065A7D1F/image-size/medium?v=v2&amp;px=400" role="button" title="andytffung_2-1731197144088.png" alt="andytffung_2-1731197144088.png" /></span></P> <P>Sub interface 191</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="andytffung_3-1731197175992.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/233544iA36FF43480F501A7/image-size/medium?v=v2&amp;px=400" role="button" title="andytffung_3-1731197175992.png" alt="andytffung_3-1731197175992.png" /></span></P> <P>BVI</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="andytffung_4-1731197216369.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/233545i997CBBC9BC48D463/image-size/medium?v=v2&amp;px=400" role="button" title="andytffung_4-1731197216369.png" alt="andytffung_4-1731197216369.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Sun, 10 Nov 2024 00:08:05 GMT https://community.cisco.com/t5/network-security/firepower-bvi-with-port-channel-sub-interface/m-p/5222289#M1117442 andy-tf-fung 2024-11-10T00:08:05Z https://community.cisco.com/t5/network-security/firepower-bvi-with-port-channel-sub-interface/m-p/5222361#M1117446 <P>you use FW HA or standalone FW?</P> <P>MHM</P> Sun, 10 Nov 2024 13:03:51 GMT https://community.cisco.com/t5/network-security/firepower-bvi-with-port-channel-sub-interface/m-p/5222361#M1117446 MHM Cisco World 2024-11-10T13:03:51Z https://community.cisco.com/t5/network-security/firepower-bvi-with-port-channel-sub-interface/m-p/5222421#M1117448 <P>Are you using FDM or FMC, and what mode that FTD running, check the Limitation and see if the feasible :</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/730/management-center-device-config-73/device-ops-tfw.html?bookSearch=true" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/730/management-center-device-config-73/device-ops-tfw.html?bookSearch=true</A></P> Sun, 10 Nov 2024 16:43:21 GMT https://community.cisco.com/t5/network-security/firepower-bvi-with-port-channel-sub-interface/m-p/5222421#M1117448 balaji.bandi 2024-11-10T16:43:21Z https://community.cisco.com/t5/network-security/firepower-bvi-with-port-channel-sub-interface/m-p/5222543#M1117451 <P>we are using FMC and the FTD is running in transparent mode, and the FW is in HA</P> Mon, 11 Nov 2024 07:21:35 GMT https://community.cisco.com/t5/network-security/firepower-bvi-with-port-channel-sub-interface/m-p/5222543#M1117451 andy-tf-fung 2024-11-11T07:21:35Z https://community.cisco.com/t5/network-security/firepower-bvi-with-port-channel-sub-interface/m-p/5222552#M1117452 <P>from command level can you post below information :</P> <PRE><STRONG>show port-channel summary<BR /></STRONG></PRE> <PRE><STRONG>show interface ip brief<BR /></STRONG></PRE> <PRE><STRONG>show interface Port-channel1 detail</STRONG></PRE> <PRE><STRONG><BR /></STRONG></PRE> <PRE><STRONG><BR /><BR /></STRONG></PRE> Mon, 11 Nov 2024 07:47:33 GMT https://community.cisco.com/t5/network-security/firepower-bvi-with-port-channel-sub-interface/m-p/5222552#M1117452 balaji.bandi 2024-11-11T07:47:33Z https://community.cisco.com/t5/network-security/firepower-bvi-with-port-channel-sub-interface/m-p/5222590#M1117461 <P>Hi all,</P> <P>Thanks a lot for your help, may be I simplify the design since my issue is more on the bridging two different vlans with the same IP subnet.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="andytffung_0-1731316680193.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/233592i6C0E0B660BD7E103/image-size/medium?v=v2&amp;px=400" role="button" title="andytffung_0-1731316680193.png" alt="andytffung_0-1731316680193.png" /></span></P> <P>Interface<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="andytffung_2-1731316757367.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/233594iD2E3B99E89A3E6BE/image-size/medium?v=v2&amp;px=400" role="button" title="andytffung_2-1731316757367.png" alt="andytffung_2-1731316757367.png" /></span></P> <P>BVI</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="andytffung_3-1731316800030.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/233595i3DF62D9F68DC65A2/image-size/medium?v=v2&amp;px=400" role="button" title="andytffung_3-1731316800030.png" alt="andytffung_3-1731316800030.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <DIV id="tinyMceEditor_1f81b4174cd1a6andytffung_1" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P>&nbsp;</P> Mon, 11 Nov 2024 09:20:12 GMT https://community.cisco.com/t5/network-security/firepower-bvi-with-port-channel-sub-interface/m-p/5222590#M1117461 andy-tf-fung 2024-11-11T09:20:12Z